Two-factor Authentication Devices
  • 3 Minutes to read
  • PDF

Two-factor Authentication Devices

  • PDF

Article summary

The Two-Factor Authentication section of the Admin Platform's user profile lists the devices chosen by the user for two-factor authentication (2FA), which users can manage in their Digital Banking Security Settings. This article describes the three options in this section.

Generate Backup Codes

Select Generate Backup Codes to generate backup codes for a user. Staff users with the permission "Can generate lockout codes user" can generate backup codes for customers. Only Admin-level staff users with the permission "Can generate lockout codes user" can generate backup codes for other staff users in addition to customers. For instructions, go to Generate Backup Codes for Locked Users.
Warning: This is a very high-risk action. You should only generate backup codes for a user if you are absolutely certain they are legitimate.

Communication Method

Select Communication Method to configure whether an end user gets their 2FA code via text message or phone call. A phone number 2FA device can be either a mobile number type that supports SMS texts, or a landline/VoIP number type that supports voice calls. Sometimes Twilio's default number type for a given phone number is incorrect; for example, Twilio is sending 2FA codes via text when the number only supports calls. Or, a Google Voice user is getting 2FA codes via call but they want texts.
This option is enabled only for staff users with the permission “Can update 2FA device number type.” This option will not appear for email or app 2FA devices.

Twilio CNAM and Voice Call Integrity

Two-factor authentication (2FA) is important to securing user accounts and transactions, but users may sometimes overlook or mistrust 2FA verification phone calls, leading to potential security risks and user inconvenience. To ensure the quality and reliability of phone calls, all Narmi customers are automatically registered for CNAM (Caller ID Name) and Voice Integrity with Twilio and its carrier partners. CNAM allows you to brand landline calls with a business name in the Caller ID field, while Voice Integrity ensures your legitimate calls are not mislabeled as spam.

For users who specified a phone number as the device to receive their 2FA verification codes, the following applies (depending on the communication method selected above): 

  • Text messages to mobile phones display your financial institution's name.
  • Voice calls to landline phones display your institution's name as the Caller ID.
  • Voice calls to mobile phones display your institution's phone number and city, but not your institution's name.
  • Voice calls to mobile phones do not display a "Spam Risk" label.
  • The voice that reads the verification code for phone calls (on both landline and mobile) reads the name of your institution before delivering the code.
  • For institutions that only use our Account Opening product, only Staff users see "Narmi" as the caller ID on landline phones.

Fetch Notification History

Select Fetch Notification History to view the SMS notification history for each phone number listed in an individual user’s profile. This allows your staff to verify if a user’s 2FA notifications were delivered and see delivery logs for any SMS alerts that the user has set up. Only SMS notification history is shown. Voice call history to landline phone numbers is not shown.
To enable notification history, add the permission "Can view notification history" to the appropriate staff user roles. Admins will be able to access it by default.
Note: This tool is not available in UAT environments because SMS messages are not sent in UAT.

A page appears listing the content of each message, along with the Date, Status, Body text of the SMS message, From number, and To number. Verification codes in the body text are hidden for security.

Possible statuses are:

  • Delivered – Twilio has received confirmation of message delivery from the carrier and the destination handset (where available).
  • Delivery unknown – This indicates that a message has remained in the sent status for longer than 1 hour without receiving a further status update. Select the info icon to view the Twilio error code.
  • Failed – The message could not be sent. This can happen for various reasons including queue overflows, account suspensions, and media errors (in the case of MMS). Select the info icon to view the Twilio error code.
  • Sent – Twilio has not received updated delivery information for your message. Typically, a sent status will be replaced by a delivered or undelivered status within seconds or minutes.
  • Undelivered – Twilio has received a delivery receipt indicating that the message was not delivered. This can happen for many reasons including carrier content filtering, availability of the destination handset, etc. Select the info icon to view the Twilio error code.

To fetch notification history for a different number, enter a new Destination phone number and select Fetch SMS Notification History to refresh results.

View detailed descriptions for Twilio error codes at Twilio Docs.

For more information on 2FA in our products, go to Two-factor Authentication. For information on Twilio, go to Our Standard and Optional Third-Party Vendors.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.

Eddy, a generative AI, facilitating knowledge discovery through conversational intelligence